Irish Data Protection Commissioner to begin Facebook audit

Summary:Ireland's Data Protection Commissioner will conduct a privacy audit of Facebook's activities. Facebook's international headquarters are in Dublin, so most of the site's users could be affected.

Billy Hawkes, Ireland's Data Protection Commissioner, has announced he will conduct a privacy audit of Facebook's activities. Since Facebook's international headquarters is in Dublin, all users outside the US and Canada could be affected by his findings.

His office has decided to investigate the company after an Austrian group called Europe versus Facebook made 22 complaints regarding the social network's practices. The group even managed to accidentally get Reddit involved, whose users recently overwhelmed Facebook with data requests. Here are all the complaints:

Pokes are kept even after the user "removes" them.

Facebook is collecting data about people without their knowledge. This information is used to substitute existing profiles and to create profiles of non-users.

Facebook is hosting enormous amounts of personal data and it is processing all data for its own purposes. It seems Facebook is a prime example of illegal "excessive processing".

Facebook is running an opt-out system instead of an opt-in system, which is required by European law.

The Like Button is creating extended user data that can be used to track users all over the internet. There is no legitimate purpose for the creation of the data. Users have not consented to the use.

Facebook has certain obligations as a provider of a "cloud service" (e.g. not using third party data for its own purposes or only processing data when instructed to do so by the user).

The privacy settings only regulate who can see the link to a picture. The picture itself is "public" on the internet. This makes it easy to circumvent the settings.

Facebook is only deleting the link to pictures. The pictures are still public on the internet for a certain period of time (more than 32 hours).

Users can be added to groups without their consent. Users may end up in groups that lead other to false impressions about a person.

The policies are changed very frequently, users do not get properly informed, they are not asked to consent to new policies.

"What we are doing is seen as the currently biggest legal action against Facebook in the German speaking area," Max Schrems of Europe versus Facebook told me. "There have been a couple of attempts to go after Facebook the new thing is that this now happening within Europe and that this authority has the power to fine them with up to €100.000 for every breach of the European law (they can also fine multiple times if Facebook would not comply)..."

The Data Protection Commissioner says it is likely to be the most detailed, challenging, and intensive audit ever undertaken by his office, according to RTÉ News. Hawkes said he will publish his findings by the end of the year.

Facebook has 800 million active users, but its headquarters in Palo Alto is not responsible for the majority of them. The company's international headquarters handles all users outside the US and Canada (many of the Facebook engineers I spoke to at f8 last week were from Dublin). In other words, the social networking giant's operations outside the US and Canada are subject to Irish and European data protection laws.

Some may think Facebook could end up being forced to move its operations away from Ireland, but that's very unlikely. Palo Alto chose Dublin for the tax incentives: approximately 2 percent tax in Dublin instead of 35 percent tax in the US, according to Schrems. Those are numbers that Facebook is willing to fight for.

I have contacted Facebook for more information about this issue and will update this article if I hear back.